Designing High Throughput Networking Silicon for Mobile Data Offload. Using Hardware IP to Accelerate Small Packet Data Streams in ePDG


INTRODUCTION

Network processor design teams are faced with rapidly increasing requirements for high throughput communications security, driven by a combination of market forces and emerging technology trends. One of the most significant technology trends is mobile data offload to WiFi using the Evolved Packet Data Gateway (ePDG) architecture. Mobile data offload with ePDG and its effect on networking security requirements are the focus of this white paper.

The white paper first describes the usage of the ePDG for WiFi offload and provides a technical overview of ePDG, including its reliance on the IPsec security protocol. It then considers the bottleneck ePDG generates for security protocol processing, especially as it relates to small packet data streams. Lastly, the white paper looks at how this ePDG security bottleneck can be efficiently addressed using a high capacity hardware IP implementation of IPsec.

MOBILE DATA OFFLOAD USING ePDG

Rapidly escalating Internet traffic and increasing demands for secure communications are putting pressure on networking silicon for huge increases in security protocol throughput. Adding to the pressure from market forces are technology trends in communications implementations. One of the most significant of these technology trends is the increasing use of mobile offload to WiFi, which is driving a further rise in encrypted packet traffic.

On a global basis, telecommunications operators offloaded 45% of their total mobile data traffic in 2013*. Now the telecommunications operators are preparing to launch mobile data offload based on a seamless handover between LTE and WiFi using the Evolved Packet Data Gateway (ePDG) architecture. ePDG is the key to maintaining continuity and security in the handover between licensed and unlicensed radio spectrum.

WiFi OFFLOAD CONCEPTS

There are two different concepts for WiFi offload:

- Operator WiFi (trusted access): The operator complements its cellular coverage by also providing its subscribers with WiFi access, either directly or through partners. The operator is here in its traditional role of providing coverage and Internet access. There are currently many commercial deployments of Operator WiFi.
- ePDG (untrusted access): The operator is a service provider that wants to deliver its services through the best available access. The subscriber already has Internet access (e.g. home WiFi or public hotspot) and the operator services can opportunistically and seamlessly take advantage of the existing connection.

* Cisco Visual Networking Index

Both concepts aim at driving down the cost of delivering data by leveraging WiFi. However, these concepts are based on different philosophies and should not be considered to be in opposition to each other. There are valid reasons to build out private and controlled WiFi coverage and to also opportunistically connect to any available WiFi to deliver services.

SYSTEM ARCHITECTURE

The system is described in the 3GPP specification as untrusted non-3GPP access (typically WLAN access) with Network Based Mobility. Within this architecture, Internet Protocol Security (IPsec) is the security protocol used by ePDG to protect the integrity and confidentiality of communications.

The picture below is a simplified view of the 3GPP architecture. In fact, the mobile device (UE) may use multiple operator services in parallel and therefore may establish multiple IPsec connections to ePDG(s). In addition, the mobile may have its own corporate connection requiring a VPN from the mobile to the corporate network over both LTE and WiFi (not depicted below).

Figure 1: The 3GPP Architecture with ePDG

The ePDG (evolved Packet Data Gateway) is the IPsec gateway terminating the IPsec connection from the mobile (SWu interface), able to relay SIM or USIM authentication (EAP-SIM or EAP-AKA) to the operator's AAA and to establish a tunnel (Proxy Mobile IP or GTP are standardized) toward the PDN Gateway.

The PDN Gateway acts as the gateway of the 3GPP network that allocates the UE's virtual IP address and is able to tunnel the traffic coming to this IP address to the ePDG or the LTE network for IP address preservation.

The UE (User Equipment) is able to connect to its operator's services either through an IPsec connection or an LTE connection.

The ePDG function is to terminate a high number of IPsec connections and relay them to the PDN Gateway. It therefore requires an IPsec stack with a high rate of IKEv2 connections per second and a high throughput of Encapsulating Security Payload (ESP) for IPv4 and IPv6.

ePDG'S BOTTLENECK EFFECT ON SECURITY PROTOCOL PROCESSING

ePDG has a two-pronged effect on increasing demand for security protocol processing throughput. First, it simply creates more traffic that must be processed with the IPsec protocol; second, and more importantly, it drives a greatly increased volume of small packets. IP packets supporting Internet use are typically on the order of 1000 to 1500 bytes, but Voice packets, a significant piece of mobile offload, may contain less than 50 bytes of payload.

When encrypted, each packet, large or small, has a certain fixed level of IPsec security processing overhead, including packet classification, data flow management, security registration and data buffer management. This overhead means that small packets severely reduce performance efficiency, with throughput in a typical network processor dropping to 1/3 or even 1/5 the throughput for large packets.

INCREASING THROUGHPUT WITH HARDWARE ACCELERATION

The use of ePDG has performance implications for networking silicon. The IPsec protocol stack can be executed in software on the primary CPU. However, the operations are resource intensive as they execute algorithms with complex math for the decryption and encryption of the data, as well as processing the header information for each packet and then implementing extensive data movement to manage the sequence of operations performed on the packet after it arrives in a data flow. Thus, a software-only approach runs into an early bottleneck as the compute-intensive and data-movement operations overload the primary CPU. Performance is typically limited to maximum throughput levels of less than 2 Gbps.

Adding simple cryptographic algorithm cores in hardware IP for hashing or ciphering will provide throughput benefits for large packets but will, in fact, decrease performance for small packets, as the protocol overhead for each packet is still handled by software on the primary CPU. This reduced performance is not suitable for ePDG, where Voice over LTE (VoLTE) will represent a large share of the traffic.

A third option is full IPsec protocol processing in hardware IP. This option delivers the efficiency of hardware-based execution for all protocol processing steps and it offloads the CPU, removing the throughput bottleneck. In addition, and important for handling ePDG traffic, a comprehensive hardware IP solution deals with the per-packet header processing, including IPsec packet classification.

INSIDE SECURE'S APPROACH: INTELLIGENT PACKET ENGINES

An example of full IPsec protocol processing in hardware IP is the family of Intelligent Packet Engines (IPE) developed by INSIDE Secure. The family contains multiple, high-performance integrated modules that execute full security protocol processing. The modules are referred to as intelligent since they contain complete protocol knowledge and don't need software on the host CPU to intervene while processing the data packets. The engines can thus apply the protocol knowledge to manipulate the packets, manage multiple data flows, and execute a wide range of other functions.

High end performance is achieved through coordinated parallelization. Multiple instances of crypto-processing algorithms are used, servicing multiple data flows. Other portions of the Packet Engine manage that parallel performance by maintaining cache coherency across the data flows.

Figure 2: The Intelligent Packet Engines developed by INSIDE Secure provide multi-CPU support and are implemented with several internal architectures, including in-line, look-aside, and hybrid look-aside (shown above)

Most critically for ePDG traffic, an Intelligent Packet Engine delivers efficient support for small packet data streams. It offloads the per-packet processing overhead from the CPU, handling those overhead operations in IP. For example, various IP components manage:

- IPsec classification and packet transformation
- Security registrations
- Setting up cryptographic operations
- Providing keys to cryptographic operations

Executing these overhead functions in dedicated IP allows small packet throughput to stay within 50% of the large packet throughput for equivalent data volumes.
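The fixed per-packet overhead argument above can be made concrete with a small model. The following Python sketch is an added example, not part of the INSIDE Secure white paper: it computes ESP tunnel-mode packet sizes from the RFC 4303 layout and applies a linear cost model to the three processing options. The 90-byte voice packet, the 1400-byte data packet and all nanosecond constants are constructed assumptions, not measurements.

```python
"""Added example (not from the white paper): ESP tunnel-mode packet size and
a linear per-packet cost model. All timing constants are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class EspSuite:
    iv_len: int    # IV bytes carried in every packet
    align: int     # alignment of (inner packet + padding + 2 trailer bytes)
    icv_len: int   # Integrity Check Value bytes


# Per-packet field sizes for two common ESP transforms.
AES_CBC_HMAC_SHA1_96 = EspSuite(iv_len=16, align=16, icv_len=12)
AES_GCM_ICV16 = EspSuite(iv_len=8, align=4, icv_len=16)

ESP_HEADER = 8    # SPI (4) + sequence number (4)
ESP_TRAILER = 2   # pad length (1) + next header (1)
OUTER_IPV4 = 20   # outer tunnel header, no options, no NAT-T UDP header


def esp_tunnel_size(inner_len: int, suite: EspSuite) -> int:
    """Bytes on the wire for one inner IP packet in ESP tunnel mode over IPv4."""
    pad = -(inner_len + ESP_TRAILER) % suite.align
    return (OUTER_IPV4 + ESP_HEADER + suite.iv_len
            + inner_len + pad + ESP_TRAILER + suite.icv_len)


def packets_per_second(goodput_bps: float, inner_len: int) -> float:
    """Packet rate the gateway must sustain to carry goodput_bps of inner traffic."""
    return goodput_bps / (8 * inner_len)


@dataclass(frozen=True)
class Datapath:
    name: str
    fixed_ns: float     # per-packet work: classification, SA lookup, buffers
    per_byte_ns: float  # cipher and hash work per wire byte


def goodput_bps(path: Datapath, inner_len: int, suite: EspSuite) -> float:
    """Inner-traffic throughput of one processing unit, t = fixed + per_byte * n."""
    t_ns = path.fixed_ns + path.per_byte_ns * esp_tunnel_size(inner_len, suite)
    return inner_len * 8 / (t_ns * 1e-9)


def small_to_large_ratio(path: Datapath, small: int, large: int,
                         suite: EspSuite) -> float:
    """Small-packet goodput as a fraction of large-packet goodput."""
    return goodput_bps(path, small, suite) / goodput_bps(path, large, suite)


# Constructed constants for the three options the paper compares. The crypto
# cores option keeps protocol handling in software and adds a hand-off cost.
SOFTWARE_ONLY = Datapath("software on CPU", fixed_ns=2000, per_byte_ns=5.0)
CRYPTO_CORES = Datapath("crypto cores + software protocol",
                        fixed_ns=2800, per_byte_ns=0.5)
FULL_OFFLOAD = Datapath("full protocol in hardware",
                        fixed_ns=20, per_byte_ns=0.5)

VOICE = 90    # assumed: 50 B voice payload + RTP 12 + UDP 8 + IPv4 20
BULK = 1400   # assumed large data packet

if __name__ == "__main__":
    suite = AES_GCM_ICV16
    print(f"wire size: voice {esp_tunnel_size(VOICE, suite)} B, "
          f"bulk {esp_tunnel_size(BULK, suite)} B")
    print(f"2 Gbps of voice needs {packets_per_second(2e9, VOICE):,.0f} pps, "
          f"bulk needs {packets_per_second(2e9, BULK):,.0f} pps")
    for path in (SOFTWARE_ONLY, CRYPTO_CORES, FULL_OFFLOAD):
        small = goodput_bps(path, VOICE, suite) / 1e6
        large = goodput_bps(path, BULK, suite) / 1e6
        ratio = small_to_large_ratio(path, VOICE, BULK, suite)
        print(f"{path.name:34s} voice {small:8.1f} Mbps  "
              f"bulk {large:8.1f} Mbps  ratio {ratio:.2f}")
```

With these constructed constants, lowering only the per-byte cost raises large-packet throughput while small-packet throughput falls, because the fixed term dominates a 90-byte packet; only lowering the fixed term moves the small-to-large ratio.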

CONCLUSION

Mobile data offload to WiFi using the ePDG architecture is a concept aimed at driving down the cost of delivering data by leveraging WiFi. Its effect on networks is the transfer of huge traffic volumes to Internet connections, communications that are protected using the IPsec security protocol. This creates a significant performance challenge for high throughput IPsec protocol processing in networking silicon. The challenge involves not just increased traffic volumes but also a performance bottleneck formed by Voice-driven small packet data streams. The per-packet IPsec processing overhead overwhelms a networking processor's primary CPU if a software-only approach is used, and adding crypto-only IP cores is ineffective in addressing the bottleneck.

Full IPsec protocol processing in hardware IP addresses the per-packet overhead issue of small packet data streams. INSIDE Secure's family of Intelligent Packet Engines is an implementation of this approach, enabling small packet throughput to stay within 50% of the large packet throughput for equivalent data volumes.

ABOUT INSIDE SECURE

INSIDE Secure provides comprehensive embedded security solutions. World-leading companies rely on INSIDE Secure's mobile security and secure transaction offerings to protect critical assets including connected devices, content, services, identity and transactions. Unmatched security expertise combined with a comprehensive range of IP, semiconductors, software and associated services gives INSIDE Secure customers a single source for advanced solutions and superior investment protection. For more information, visit


More information

Router Architectures

Router Architectures Router Architectures An overview of router architectures. Introduction What is a Packet Switch? Basic Architectural Components Some Example Packet Switches The Evolution of IP Routers 2 1 Router Components

More information

Security Testing 4G (LTE) Networks 44con 6th September 2012 Martyn Ruks & Nils

Security Testing 4G (LTE) Networks 44con 6th September 2012 Martyn Ruks & Nils Security Testing 4G (LTE) Networks 44con 6th September 2012 Martyn Ruks & Nils 11/09/2012 1 Today s Talk Intro to 4G (LTE) Networks Technical Details Attacks and Testing Defences Conclusions 11/09/2012

More information

CID 3.x ES/MES Features Description. September CID ES / MES Features Description Page 1

CID 3.x ES/MES Features Description. September CID ES / MES Features Description Page 1 CID 3.x ES/MES Features Description September 2010 CID ES / MES Features Description Page 1 Table of Contents 1. Introduction... 3 2. RADIUS Accounting Classification feature description... 3 3. Header

More information

CS 4803 Computer and Network Security

CS 4803 Computer and Network Security Network layers CS 4803 Computer and Network Security Application Transport Network Lower level Alexandra (Sasha) Boldyreva IPsec 1 2 Roughly Application layer: the communicating processes themselves and

More information

Integrated Services Router with the "AIM-VPN/SSL" Module

Integrated Services Router with the AIM-VPN/SSL Module Virtual Private Network (VPN) Advanced Integration Module (AIM) for the 1841 Integrated Services Router and 2800 and 3800 Series Integrated Services Routers The VPN Advanced Integration Module (AIM) for

More information

Virtual Private Network VPN IPSec Testing: Functionality Interoperability and Performance

Virtual Private Network VPN IPSec Testing: Functionality Interoperability and Performance Virtual Private Network VPN IPSec Testing: Functionality Interoperability and Performance Johnnie Chen Project Manager of Network Security Group Network Benchmarking Lab Network Benchmarking Laboratory

More information

Chapter 9. IP Secure

Chapter 9. IP Secure Chapter 9 IP Secure 1 Network architecture is usually explained as a stack of different layers. Figure 1 explains the OSI (Open System Interconnect) model stack and IP (Internet Protocol) model stack.

More information

VPN IPSec Application. Installation Guide

VPN IPSec Application. Installation Guide VPN IPSec Application Installation Guide 1 Configuring a IPSec LAN-to-LAN VPN Connection Table 3: Network Configuration and Security Plan Branch Office Head Office Local Network ID 192.168.0.0/24 192.168.1.0/24

More information

CS 356 Lecture 27 Internet Security Protocols. Spring 2013

CS 356 Lecture 27 Internet Security Protocols. Spring 2013 CS 356 Lecture 27 Internet Security Protocols Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Mobile Devices Security: Evolving Threat Profile of Mobile Networks

Mobile Devices Security: Evolving Threat Profile of Mobile Networks Mobile Devices Security: Evolving Threat Profile of Mobile Networks SESSION ID: MBS-T07 Anand R. Prasad, Dr.,ir., Selim Aissi, PhD Objectives Introduction Mobile Network Security Cybersecurity Implications

More information

Internet Protocol Security IPSec

Internet Protocol Security IPSec Internet Protocol Security IPSec Summer Semester 2011 Integrated Communication Systems Group Ilmenau University of Technology Outline Introduction Authentication Header (AH) Encapsulating Security Payload

More information

Telecommunication Services Engineering (TSE) Lab. Chapter III 4G Long Term Evolution (LTE) and Evolved Packet Core (EPC)

Telecommunication Services Engineering (TSE) Lab. Chapter III 4G Long Term Evolution (LTE) and Evolved Packet Core (EPC) Chapter III 4G Long Term Evolution (LTE) and Evolved Packet Core (EPC) http://users.encs.concordia.ca/~glitho/ Outline 1. LTE 2. EPC architectures (Basic and advanced) 3. Mobility management in EPC 4.

More information

Network Security. Lecture 3

Network Security. Lecture 3 Network Security Lecture 3 Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Security protocols application transport network datalink physical Contents IPSec overview

More information

Application Note: Onsight Device VPN Configuration V1.1

Application Note: Onsight Device VPN Configuration V1.1 Application Note: Onsight Device VPN Configuration V1.1 Table of Contents OVERVIEW 2 1 SUPPORTED VPN TYPES 2 1.1 OD VPN CLIENT 2 1.2 SUPPORTED PROTOCOLS AND CONFIGURATION 2 2 OD VPN CONFIGURATION 2 2.1

More information

Threat-Centric Security for Service Providers

Threat-Centric Security for Service Providers Threat-Centric Security for Service Providers Enabling Open & Programmable Networks Sam Rastogi, Service Provider Security Product Marketing, Security Business Group Bill Mabon, Network Security Product

More information

3GPP & unlicensed spectrum

3GPP & unlicensed spectrum IEEE 802 Interim Session Atlanta, USA Jan 11-16, 2015 doc.: IEEE 802.19-15/0008r0 3GPP & unlicensed spectrum Dino Flore Chairman of 3GPP TSG-RAN (Qualcomm Technologies Inc.) 3GPP 2013 3GPP & unlicensed

More information

Module 6. Internetworking. Version 2 CSE IIT, Kharagpur

Module 6. Internetworking. Version 2 CSE IIT, Kharagpur Module 6 Internetworking Lesson 2 Internet Protocol (IP) Specific Instructional Objectives At the end of this lesson, the students will be able to: Explain the relationship between TCP/IP and OSI model

More information

CSCI 454/554 Computer and Network Security. Topic 8.1 IPsec

CSCI 454/554 Computer and Network Security. Topic 8.1 IPsec CSCI 454/554 Computer and Network Security Topic 8.1 IPsec Outline IPsec Objectives IPsec architecture & concepts IPsec authentication header IPsec encapsulating security payload 2 IPsec Objectives Why

More information

A Performance Analysis of Gateway-to-Gateway VPN on the Linux Platform

A Performance Analysis of Gateway-to-Gateway VPN on the Linux Platform A Performance Analysis of Gateway-to-Gateway VPN on the Linux Platform Peter Dulany, Chang Soo Kim, and James T. Yu PeteDulany@yahoo.com, ChangSooKim@yahoo.com, jyu@cs.depaul.edu School of Computer Science,

More information

Network Security Part II: Standards

Network Security Part II: Standards Network Security Part II: Standards Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 18-1 Overview

More information

Executive Summary... 4. 1 Introduction... 6. 1.1 Drivers for Wi-Fi... 6. 1.2 Recent Wi-Fi Enablers... 7. 1.2.1 Evolving Standards...

Executive Summary... 4. 1 Introduction... 6. 1.1 Drivers for Wi-Fi... 6. 1.2 Recent Wi-Fi Enablers... 7. 1.2.1 Evolving Standards... TABLE OF CONTENTS Executive Summary... 4 1 Introduction... 6 1.1 Drivers for Wi-Fi... 6 1.2 Recent Wi-Fi Enablers... 7 1.2.1 Evolving Standards... 7 1.2.2 Evolving Device Capabilities... 8 1.2.3 Evolving

More information

small cells portfolio: integrating macro with small cells for best coverage and capacity

small cells portfolio: integrating macro with small cells for best coverage and capacity small cells portfolio: integrating macro with small cells for best coverage and capacity Nokia Solutions and Networks is extending its small cells offering to bring operators maximum benefit from combining

More information

Internet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols 2011-11-22. ETSF10 Internet Protocols 2011

Internet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols 2011-11-22. ETSF10 Internet Protocols 2011 Internet Security Voice over IP ETSF10 Internet Protocols 2011 Kaan Bür & Jens Andersson Department of Electrical and Information Technology Internet Security IPSec 32.1 SSL/TLS 32.2 Firewalls 32.4 + Voice

More information

Achieving Low-Latency Security

Achieving Low-Latency Security Achieving Low-Latency Security In Today's Competitive, Regulatory and High-Speed Transaction Environment Darren Turnbull, VP Strategic Solutions - Fortinet Agenda 1 2 3 Firewall Architecture Typical Requirements

More information

NeoAccel SSL VPN-Plus The Future of Virtual Private Networks

NeoAccel SSL VPN-Plus The Future of Virtual Private Networks NeoAccel SSL VPN-Plus The Future of Virtual Private Networks NeoAccel White Paper Overcoming the Performance Limitations of Conventional SSL VPN Introduction: The Evolution of Virtual Private Networks

More information

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or

More information

VPN Modules for Cisco 1841 and Cisco 2800 and 3800 Series Integrated Services Routers

VPN Modules for Cisco 1841 and Cisco 2800 and 3800 Series Integrated Services Routers Q&A VPN Modules for Cisco 1841 and Cisco 2800 and 3800 Series Integrated Services Routers OVERVIEW Q. What is a VPN? A. A VPN, or virtual private network, delivers the benefits of private network security,

More information

T-79.159 Cryptography and Data Security

T-79.159 Cryptography and Data Security T-79.159 Cryptography and Data Security Lecture 11: Security systems using public keys 11.1 PGP Kaufman et al: Ch 17, 11.2 SSL/TLS 18, 19 11.3 IPSEC Stallings: Ch 16,17 1 Pretty Good Privacy Email encryption

More information

Monitoring Site-to-Site VPN Services

Monitoring Site-to-Site VPN Services CHAPTER 6 Site-to-site VPN monitoring provides all the most important indicators of device and tunnel performance at a glance. Performance Monitor also enables you to determine quickly whether site-to-site

More information

Capabilities and Directions of 4G Technology (TDD-LTE) Phil Ridley CTO Feb 2011

Capabilities and Directions of 4G Technology (TDD-LTE) Phil Ridley CTO Feb 2011 Capabilities and Directions of 4G Technology (TDD-LTE) Phil Ridley CTO Feb 2011 4G versus 3G and earlier technologies A History of Wireless Internet 1G Analog Voice (eg. AMPS) 2G Digital (eg. GSM and GPRS,

More information

SiteCelerate white paper

SiteCelerate white paper SiteCelerate white paper Arahe Solutions SITECELERATE OVERVIEW As enterprises increases their investment in Web applications, Portal and websites and as usage of these applications increase, performance

More information

Cut Network Security Cost in Half Using the Intel EP80579 Integrated Processor for entry-to mid-level VPN

Cut Network Security Cost in Half Using the Intel EP80579 Integrated Processor for entry-to mid-level VPN Cut Network Security Cost in Half Using the Intel EP80579 Integrated Processor for entry-to mid-level VPN By Paul Stevens, Advantech Network security has become a concern not only for large businesses,

More information

LTE Attach and Default Bearer Setup Messaging

LTE Attach and Default Bearer Setup Messaging LTE Attach and Default Bearer Setup Messaging 2012 Inc. All Rights Reserved LTE Attach Message Sequence Chart enodeb MME SGW HSS Initial UE Message Update Location Update Location Answer Create Session

More information

Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999

Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999 Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer February 3, 1999 Frame Relay Frame Relay is an international standard for high-speed access to public wide area data networks

More information

CCNA Security 1.1 Instructional Resource

CCNA Security 1.1 Instructional Resource CCNA Security 1.1 Instructional Resource Chapter 8 Implementing Virtual Private Networks 2012 Cisco and/or its affiliates. All rights reserved. 1 Describe the purpose and types of VPNs and define where

More information

Practical Security Testing for LTE Networks BlackHat Abu Dhabi December 2012 Martyn Ruks & Nils

Practical Security Testing for LTE Networks BlackHat Abu Dhabi December 2012 Martyn Ruks & Nils Practical Security Testing for LTE Networks BlackHat Abu Dhabi December 2012 Martyn Ruks & Nils 06/11/2012 1 Today s Talk Intro to LTE Networks Technical Details Attacks and Testing Defences Conclusions

More information